如何捕获远程系统的网络流量? [英] How to Capture Remote System network traffic?

问题描述

我一直在使用wire-shark分析套接字程序的数据包，现在我想查看其他主机的通信量，因为我发现我需要使用仅在Linux平台上支持的监视模式，所以我尝试过，但我无法捕获网络中传输的任何数据包，列出为已捕获的0个数据包.

I have been using wire-shark to analyse the packets of socket programs, Now i want to see the traffic of other hosts traffic, as i found that i need to use monitor mode that is only supported in Linux platform, so i tried but i couldn't capture any packets that is transferred in my network, listing as 0 packets captured.

场景:

我有一个由50多个主机组成的网络(除我的外，所有主机均由Windows供电)，我的IP地址为192.168.1.10，当我在任何192.168.1.xx之间发起通信时，它会显示捕获的流量. 但是我的要求是从主机i.e监视192.168.1.21 b/w 192.168.1.22的流量.从192.168.1.10开始.

I'm having a network consisting of 50+ hosts (all are powered by windows Except mine), my IP address is 192.168.1.10, when i initiate a communication between any 192.168.1.xx it showing the captured traffic. But my requirement is to monitor the traffic of 192.168.1.21 b/w 192.168.1.22 from my host i,e. from 192.168.1.10.

1:是否有可能像我提到的那样捕获流量?

1: is it possible to capture the traffic as i mentioned?

2:如果可能的话，wire-shark是正确的工具吗(还是我必须使用其他工具)?

2: If it is possible then is wire-shark is right tool for it (or should i have to use differnt one)?

3:如果不可能，那为什么呢?

3: if it is not possible, then why?

推荐答案

您已连接到正在交换"流量的交换机.它基于您在mac地址上看到的流量.它会不向您发送不属于您的mac地址的流量.如果要监视所有流量，则需要将交换机配置为使用端口镜像"，并将嗅探器插入该端口.您无法在计算机上安装任何软件来规避网络交换的工作方式.

You are connected to a switch which is "switching" traffic. It bases the traffic you see on your mac address. It will NOT send you traffic that is not destined to your mac address. If you want to monitor all the traffic you need to configure your switch to use a "port mirror" and plug your sniffer into that port. There is no software that you can install on your machine that will circumvent the way network switching works.

http://en.wikipedia.org/wiki/Port_mirroring

这篇关于如何捕获远程系统的网络流量?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！